Topic: iphone (SIAX client) and asterisk

I don't either, could be some kind of proxy but that doesn't seem likely. Perhaps capture the traffic and take a look at the IAX handshaking... it's probably human readable, and it may confirm whether or not the traffic is actually coming (originally) from your VSP...

Guys, this is a common networking issue. What you are trying to do is initiate traffic inside your firewall, reach the firewall and translate the address back to your internal host and send the traffic back inside. To me the easiest way to fix this is to use DNS... I don't know much about VOIP and I don't know if you can use a domain name instead of an IP address. If you can, problem solved. Use DynDNS to give your public address a domain name and then use an internal DNS to map the same domain name to the internal address. If this is not possible, then you are looking at hairpin NAT, which I do not know if LinuxMCE is capable of doing.

Because an origin endpoint and its router in a subnetwork may not recognize that a message is intended for a destination endpoint in the same subnetwork because it only knows its public IP address, the Internet Network Address Translation (NAT) server must be able to recognize the situation and hairpin the message back to the subnetwork so that it can reach its destination.

I am not an expert by any means, and there might be an easier way to do this, so if someone knows of a better way please present it as I would love to know how.

I'm by no means an expert either. If it's a common networking issue, can someone explain why I can access lmce-admin (http) using the public IP of my core from within the lmce internal network, but the same is not true for this IAX service?

Raul - that's precisely why I asked davegravy to turn off his firewall, to eliminate the possibility of the NAT causing the issue in the way you described. He has done that - without the firewall, it becomes a straight router with no NATing involved - and yet it didn't solve the problem.

Colin you are right... I guess I missed that part.... I am very new to Linux and still learning the basics but one thing comes to mind... If you disable the firewall, does that take effect immediately or would you need to reboot?

Of course that still does not explain the fact that you can access the web admin site on the public address from inside (I understand this happens even with the firewall turned on?).

Yeah, there is a core input rule that allows that, and it's not doing the hairpin NAT in that case, but either way once the firewall is turned off there is no NATting anyway - no, it doesn't need a reboot... so I dunno why it doesn't work (always a bit dubious of the statefulness of UDP protocols, but can't think of anything specific in this case)

I've fixed this by implementing Raul102801's suggestion above. I modified my named configuration such that my dyndns hostname resolves to 192.168.80.1 from within my internal LMCE network, instead of the public internet IP of the core.

Do you guys consider this a band-aid solution? If not, should I modify the trac ticket (#324) I submitted for this issue and include my solution?
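
One way to set up the internal DNS override described in the last post, as an added example that is not from the thread or from LinuxMCE's own configuration. The hostname `myhome.dyndns.example`, the zone file path and the `192.168.80.0/24` subnet are placeholders and assumptions; only the address 192.168.80.1 comes from the post.

```conf
// named.conf fragment (constructed example).
// The zone is declared for the single dynamic-DNS hostname only, not for
// the provider's whole domain, so every other name under that domain
// still resolves through normal recursion.
zone "myhome.dyndns.example" {          // placeholder hostname
    type master;
    file "/etc/bind/db.myhome.internal"; // hypothetical path

    // Answer the override only for internal clients, so the private
    // address is never handed to a resolver outside the LAN.
    allow-query { 192.168.80.0/24; localhost; };  // assumed internal subnet
};

/*
   Contents of /etc/bind/db.myhome.internal (zone file syntax):

   $TTL 300
   @    IN SOA  ns.myhome.dyndns.example. hostmaster.myhome.dyndns.example. (
                1       ; serial
                3600    ; refresh
                600     ; retry
                86400   ; expire
                300 )   ; negative-cache TTL
   @    IN NS   ns.myhome.dyndns.example.
   @    IN A    192.168.80.1    ; internal address of the core
   ns   IN A    192.168.80.1
*/
```

Internal clients only see the override if they use this server as their resolver; a device with a hard-coded public DNS server will still receive the public address.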